Re: [iot-pmc] Using newer version of already approved works-with depende

[Jens Reimann <jreimann@xxxxxxxxxx>]

On Tue, Apr 10, 2018 at 9:58 AM, Hudalla Kai (INST/ECS4) <kai.hudalla@xxxxxxxxxxxx> wrote:

On Tue, 2018-04-10 at 09:46 +0200, Jens Reimann wrote:
> I absolutely like the idea!
>
> I would hope that we can go even one step further and apply the same for
> regular Type_A CQs. As long as the license doesn't change that should not have
> any impact (as least from my limited legal perspective).
>

I think for Type A pre-req CQs it's a little different because the source code is
actually scanned for "hints" regarding the effective license that the code is
under. So, if new code is added in a newer version, then new "hints" for
additional licenses might show up.

That is true. But it would make our life so much easier. So maybe we can at least explore the idea
for micro version updates. Still something could sneak in there. And it definitely is not appropriate

for Type_B. And I do know that not all dependencies adhere to the idea of major.minor.micro. And if
something comes up later on, it has to be corrected or pulled.

But I would hope that it could be an acceptable risk for Type_A projects to approve e.g. "FooBar 1.2.x".

--

Jens Reimann
Senior Software Engineer / EMEA ENG Middleware
Werner-von-Siemens-Ring 14
85630 Grasbrunn
Germany
phone: +49 89 2050 71286
_____________________________________________________________________________

Red Hat GmbH, www.de.redhat.com,
Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill